Heur/malware

Guest

Installed the Avira AntiVirus and upon reboot, it says it found a file that
contains suspicious code Heur/malware at location
c:\winnt\system32\ratbgpi.dll. It gives me the option of quarantine/deny
access. Choosing either option, the message still remains even after clicking
many times.
I have also run AVG and Spybot 1.4 and all give a clean health. Any
suggestion please, thanks
 
labfuji said:
Installed the Avira AntiVirus and upon reboot, it says it found a file that
contains suspicious code Heur/malware at location
c:\winnt\system32\ratbgpi.dll. It gives me the option of quarantine/deny
access. Choosing either option, the message still remains even after clicking
many times.
I have also run AVG and Spybot 1.4 and all give a clean health. Any
suggestion please, thanks


try just plain renaming it (such as ratbgpi.xxx)
and if your system runs ok then delete it entirely
 
labfuji said:
Tried in normal and safe mode, cannot be renamed, it says 'file been used by
windows'


Then you will need to find out where the process is starting.


You may have to look in the registry


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


then delete the reference
 
expand run>optional components>
right pane
IMAIL>default REG_SZ value not set
installed REG_SZ 1

MAPI>default REG_SZ value not set
installed REG_SZ 1
NoChange REG_SZ 1


MSFS>default REG_SZ value not set
installed REG_SZ 1

So which DATA should I delete or modify?

Appreciate your follow-up, thanks
 
labfuji said:
expand run>optional components>
right pane
IMAIL>default REG_SZ value not set
installed REG_SZ 1

MAPI>default REG_SZ value not set
installed REG_SZ 1
NoChange REG_SZ 1


MSFS>default REG_SZ value not set
installed REG_SZ 1

So which DATA should I delete or modify?

Appreciate your follow-up, thanks




Those entries look normal
so it's got to be somewhere else.

Off hand I do not know which process it would be
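
Added example, not part of any post in this thread: a read-only PowerShell sketch of the two checks discussed above, which process is holding the DLL open and which autostart registry values mention it. It assumes PowerShell 3.0 or later in an elevated session; the list of keys beyond the Run key named in the thread is this example's own choice, and nothing is deleted or modified.

```powershell
# Added example (not from the thread). File name taken from the first post.
$dllName = 'ratbgpi.dll'
$stem    = [IO.Path]::GetFileNameWithoutExtension($dllName)

# 1. Processes that currently have the DLL loaded (the reason for "file in use").
$holders = foreach ($proc in Get-Process) {
    try {
        foreach ($mod in $proc.Modules) {
            if ($mod.ModuleName -ieq $dllName) {
                [pscustomobject]@{ Process = $proc.ProcessName; Id = $proc.Id; Path = $mod.FileName }
            }
        }
    } catch { }  # protected system processes refuse module enumeration
}

# 2. Autostart keys to search. This list is an assumption of the example,
#    wider than the single Run key named in the thread.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',         # AppInit_DLLs value
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'  # DllName values (2000/XP)
)

$references = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }   # key absent on this Windows version
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            # Cast covers REG_SZ, REG_EXPAND_SZ and REG_MULTI_SZ data alike.
            $data = [string]$key.GetValue($name)
            if ($data -like "*$stem*") {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

# Report only; removal decisions are left to the operator.
$holders    | Format-Table -AutoSize
$references | Format-List
```

An empty result from both parts means the DLL is being loaded from a location this example does not cover.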
 